(1) Real Party in Interest

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection 
contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6,668,322 B1 Wood et al. 12-2003

6,035,404 Zhao 03-2000

6,226,752 B1 Gupta et al. 05-2001



(9) Grounds of Rejection 



The following ground(s) of rejection are applicable to the appealed claims: 



Claim Rejections - 35 USC § 103 



1. Claims 1, 3-10, 12-20, 22-29, 31-38, 40-49, 51-59, 61-69 and 71-78 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Wood et al. (hereinafter Wood) (US Patent No. 
6,668,322 B1) in view of Zhao US Patent 6,035,404. 

2. As per claims 1, 7 and 9, Wood teaches a method for performing user and session
management over a computer network, comprising: 

receiving a first request from a user for an application instance (user request for 
information resources / applications, see column 4, lines 60-67 and column 5, lines 1-9), the
request including a single identifier for all user requests without further user and session 
application variables (i.e., a user providing a unique session identifier, that is used for access 
requests to multiple applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 
49-53]; and 

transmitting an application instance response to the user based on stored user and 
session system information (if session information indicate sufficient authorization providing 
access to requested application or resource) [column 8, lines 13-25, column 19, lines, 33-44, 
64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For
example, Zhao teaches a user access system including a single identifier used to identify both a 
session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a 
method for performing user and session management. It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

3. As per claim 8, Wood teaches a method for performing user and session management 
over a computer network, comprising: 

a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (column 9, lines 65-67, column 10,
lines 1-29 and column 20, lines 35-60): 

receive a first request from a user for an application instance (user request for 
information resources / applications, see column 4, lines 60-67 and column 5, lines 1-9), the
request including a single identifier for all user requests without further user and session 
application variables (i.e., a user providing a unique session identifier, that is used for access 
requests to multiple applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 
49-53]; and 

transmit an application instance response to the user based on stored user and session 
system information (if session information indicates sufficient authorization providing access to
requested application or resource) [column 8, lines 13-25, column 19, lines 33-44, 64-67,
column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier used to 
identify both a session and a user. However, it is old and well known in the art to identify both a 
session and a user by a single identifier, which has the advantage of allowing flexible control of
user logins and session information thereby enhancing security of the system. For example, 
Zhao teaches a user access system including a single identifier used to identify both a session 
and a user for all user requests (i.e., see for example, Session ID associated with IUID & Start 
Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method 
for performing user and session management. It would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to employ the teachings of Zhao within 
the system of Wood thereby enhancing the security of the system. 

4. As per claims 10, 17 and 19, Wood teaches a method for performing user and session 
management over a computer network, comprising: 

receiving a request for an application instance from a user (user request for information
resources / applications) [column 4, lines 60-67 and column 5, lines 1-9];

assigning a single identifier to the user for handling all user requests (i.e., providing a
unique session identifier to a user, that is used for access requests to multiple applications) 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

transmitting an application instance response to the user, wherein the single identifier is 
static for all requests from the user for a session [column 8, lines 13-25, column 19, lines 33-44,
64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For 
example, Zhao teaches a user access system including a single identifier used to identify both a 
session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a
method for performing user and session management. It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

6. As per claim 18, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising: 

a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (column 9, lines 65-67, column 10,
lines 1-29 and column 20, lines 35-60): 

receive a request for an application instance from a user (user request for information 
resources / applications) [column 4, lines 60-67 and column 5, lines 1-9];

assign a single identifier to the user for handling all user requests (i.e., providing a unique
session identifier to a user, that is used for access requests to multiple applications) [column 8, 
lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

transmit an application instance response to the user, wherein the single identifier is 
static for all requests from the user for a session [column 8, lines 13-25, column 19, lines 33-44,
64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For 
example, Zhao teaches a user access system including a single identifier used to identify both a 
session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a 
method for performing user and session management. It would have been obvious to one
having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

8. As per claims 20, 26 and 28, Wood teaches a method for performing user and session 
management over a computer network, comprising: 

receiving a first request from a user for a first application instance, the first request 
including an identifier (user request for information resources / applications) [column 4, lines 60-
67, column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 

transmitting a first application instance response to the user [column 19, lines 64-67, 
column 20, lines 1-8 and column 9, lines 40-63]; 

receiving a second request from the user for a second application instance, the 
second request including the identifier, and processing the request with the second application 
instance [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is 
silent on a single identifier used to identify both a session and a user. However, it is old and well 
known in the art to identify both a session and a user by a single identifier, which has the 
advantage of allowing flexible control of user logins and session information thereby enhancing 
security of the system. For example, Zhao teaches a user access system including a single 
identifier used to identify both a session and a user for all user requests (i.e., see for example, 
Session ID associated with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 
6]. Both Wood and Zhao teach a method for performing user and session management. It would 
have been obvious to one having ordinary skill in the art at the time of applicant's invention to 
employ the teachings of Zhao within the system of Wood thereby enhancing the security of the 
system.

9. As per claim 27, Wood teaches an apparatus for performing user and session
management over a computer network, comprising: 

a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (column 9, lines 65-67, column 10,
lines 1-29 and column 20, lines 35-60): 

receive a first request from a user for a first application instance, the first request 
including an identifier (user request for information resources / applications) [column 4, lines 60-
67, column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 

transmit a first application instance response to the user [column 19, lines 64-67, column 
20, lines 1-8 and column 9, lines 40-63]; 

receive a second request from the user for a second application instance, the 
second request including the identifier, and processing the request with the second application 
instance [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is 
silent on a single identifier used to identify both a session and a user. However, it is old and well 
known in the art to identify both a session and a user by a single identifier, which has the 
advantage of allowing flexible control of user logins and session information thereby enhancing 
security of the system. For example, Zhao teaches a user access system including a single 
identifier used to identify both a session and a user for all user requests (i.e., see for example, 
Session ID associated with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 
6]. Both Wood and Zhao teach a method for performing user and session management. It would 
have been obvious to one having ordinary skill in the art at the time of applicant's invention to 
employ the teachings of Zhao within the system of Wood thereby enhancing the security of the 
system.

10. As per claims 29, 36-38, 44 and 46, Wood teaches a method for performing user and
session management over a computer network, comprising: 

receiving, from a user, a first request in a first session, the request including an identifier 
(note that unique session identifier is used for access requests to multiple applications) [column 
8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 

transmitting a first application instance response to the user in response to the first 
request [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; 

receiving, from the user, a second request in a second session, the second user request 
including the identifier, and processing the second request through the first application instance 
[column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is silent on a 
single identifier used to identify both a session and a user. However, it is old and well known in 
the art to identify both a session and a user by a single identifier, which has the advantage of 
allowing flexible control of user logins and session information thereby enhancing security of the 
system. For example, Zhao teaches a user access system including a single identifier used to 
identify both a session and a user for all user requests (i.e., see for example, Session ID 
associated with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both 
Wood and Zhao teach a method for performing user and session management. It would have 
been obvious to one having ordinary skill in the art at the time of applicant's invention to employ 
the teachings of Zhao within the system of Wood thereby enhancing the security of the system. 

11. As per claims 35 and 45, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising (column 9, lines 65-67, column 10, lines 1-29 and
column 20, lines 35-60):

a processor, and a memory in communication with the processor, the memory for storing
a plurality of processing instructions for enabling the processor to (column 9, lines 65-67, column 10,
lines 1-29 and column 20, lines 35-60):

receive, from a user, a first request in a first session, the request including an identifier 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 

transmit a first application instance response to the user in response to the first request 
[column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; 

receive, from the user, a second request in a second session, the second user request 
including the identifier, and process the second request through the first application instance 
[column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is silent on a 
single identifier used to identify both a session and a user. However, it is old and well known in 
the art to identify both a session and a user by a single identifier, which has the advantage of 
allowing flexible control of user logins and session information thereby enhancing security of the 
system. For example, Zhao teaches a user access system including a single identifier used to 
identify both a session and a user for all user requests (i.e., see for example, Session ID 
associated with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both 
Wood and Zhao teach a method for performing user and session management. It would have 
been obvious to one having ordinary skill in the art at the time of applicant's invention to employ 
the teachings of Zhao within the system of Wood thereby enhancing the security of the system. 

12. As per claims 47, 55 and 57, Wood teaches a method for performing user and session 
management over a computer network, comprising: 

receiving a first request from a first user session for a user, the first request including an 
identifier [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; and

transmitting a first response to the first request, based on the identifier and a first system
session variable stored in a user database (if session information indicates sufficient
authorization providing access to requested application or resource) [column 8, lines 13-25,
column 19, lines 33-44, 64-67, column 20, lines 1-7 and column 11, lines 12-33];

receiving a second request from a second user session for the user, the second request 
including the identifier without further user or session application variables, and transmitting a 
second response to the second request, based on the identifier and a second system session 
variable stored in the user database [column 19, lines 64-67, column 20, lines 1-8 and column 
9, lines 40-63]. Wood is silent on a single identifier used to identify both a session and a user. 
However, it is old and well known in the art to identify both a session and a user by a single 
identifier, which has the advantage of allowing flexible control of user logins and session 
information thereby enhancing security of the system. For example, Zhao teaches a user 
access system including a single identifier used to identify both a session and a user for all user 
requests (i.e., see for example, Session ID associated with IUID & Start Time and Time out) 
[column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method for performing user 
and session management. It would have been obvious to one having ordinary skill in the art at 
the time of applicant's invention to employ the teachings of Zhao within the system of Wood 
thereby enhancing the security of the system. 

13. As per claim 56, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising: 

a processor, and a memory in communication with the processor, the memory for storing 
a plurality of processing instructions for enabling the processor to (column 9, lines 65-67, column 10,
lines 1-29 and column 20, lines 35-60):

receive a first request from a first user session for a user, the first request including an
identifier [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; and 

transmit a first response to the first request, based on the identifier and a first system 
session variable stored in a user database (if session information indicates sufficient
authorization providing access to requested application or resource) [column 8, lines 13-25,
column 19, lines 33-44, 64-67, column 20, lines 1-7 and column 11, lines 12-33];

receive a second request from a second user session for the user, the second request 
including the identifier without further user or session application variables, and transmitting a 
second response to the second request, based on the identifier and a second system session 
variable stored in the user database [column 19, lines 64-67, column 20, lines 1-8 and column 
9, lines 40-63]. Wood is silent on a single identifier used to identify both a session and a user. 
However, it is old and well known in the art to identify both a session and a user by a single 
identifier, which has the advantage of allowing flexible control of user logins and session 
information thereby enhancing security of the system. For example, Zhao teaches a user 
access system including a single identifier used to identify both a session and a user for all user 
requests (i.e., see for example, Session ID associated with IUID & Start Time and Time out) 
[column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method for performing user 
and session management. It would have been obvious to one having ordinary skill in the art at 
the time of applicant's invention to employ the teachings of Zhao within the system of Wood 
thereby enhancing the security of the system. 

14. As per claims 58, 65 and 67, Wood teaches a method for performing user and session 
management over a computer network, comprising:

receiving a first request from a first user, the first request including a first identifier
corresponding to the first user [column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 
10, lines 30-39, 49-53]; 

receiving a second request from a second user, the second request including a 
second identifier corresponding to the second user (note that a unique session identifier is 
provided for users, i.e., during request for resources users include the unique session identifier) 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

generating a first application instance responsive to the first identifier and a second 
application instance responsive to the second identifier [column 8, lines 13-25, column 19, lines
33-44, 64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single 
identifier used to identify both a session and a user. However, it is old and well known in the art 
to identify both a session and a user by a single identifier, which has the advantage of allowing 
flexible control of user logins and session information thereby enhancing security of the system. 
For example, Zhao teaches a user access system including a single identifier used to identify 
both a session and a user for all user requests (i.e., see for example, Session ID associated 
with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao 
teach a method for performing user and session management. It would have been obvious to
one having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system. 

15. As per claim 66, Wood teaches an apparatus for performing user and session 
management over a computer network, comprising:

a processor, and a memory in communication with the processor, the memory for storing
a plurality of processing instructions for enabling the processor to (column 9, lines 65-67, column 10,
lines 1-29 and column 20, lines 35-60):

receive a first request from a first user, the first request including a first identifier
corresponding to the first user [column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 
10, lines 30-39, 49-53]; 

receive a second request from a second user, the second request including a 
second identifier corresponding to the second user (note that a unique session identifier is 
provided for users, i.e., during request for resources users include the unique session identifier) 
[column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

generate a first application instance responsive to the first identifier and a second 
application instance responsive to the second identifier [column 8, lines 13-25, column 19, lines
33-44, 64-67, column 20, lines 1-7 and column 11, lines 12-33]. Wood is silent on a single 
identifier used to identify both a session and a user. However, it is old and well known in the art 
to identify both a session and a user by a single identifier, which has the advantage of allowing 
flexible control of user logins and session information thereby enhancing security of the system. 
For example, Zhao teaches a user access system including a single identifier used to identify 
both a session and a user for all user requests (i.e., see for example, Session ID associated 
with IUID & Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao 
teach a method for performing user and session management. It would have been obvious to 
one having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system.

16. As per claim 68, Wood teaches a method for performing user and session management
over a computer network, comprising: 

receiving, from a first user, a first request in a first session, the first request including a 
first identifier [column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 10, lines 30-39, 
49-53]; 

transmitting a first application instance to the first user in response to the first request 
[column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; 

receiving, from the first user, a second request in a second session, the second request 
including the first identifier, and processing the second request through the first application 
instance [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]; 

receiving, from a second user, a third request in a third user session, the third request 
including a second identifier corresponding to the second user (note that a unique session 
identifier is provided for users, i.e., during request for resources users include the unique 
session identifier) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

transmitting a second application instance to the second user in response to the third 
request [column 8, lines 13-25, column 19, lines 33-44, 64-67, column 20, lines 1-7 and column
11, lines 12-33]. Wood is silent on a single identifier used to identify both a session and a user.
However, it is old and well known in the art to identify both a session and a user by a single 
identifier, which has the advantage of allowing flexible control of user logins and session 
information thereby enhancing security of the system. For example, Zhao teaches a user 
access system including a single identifier used to identify both a session and a user for all user 
requests (i.e., see for example, Session ID associated with IUID & Start Time and Time out) 
[column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a method for performing user 
and session management. It would have been obvious to one having ordinary skill in the art at 
the time of applicant's invention to employ the teachings of Zhao within the system of Wood
thereby enhancing the security of the system. 

17. As per claims 75 and 77, Wood teaches a method for
interacting with a central server over a computer network, comprising: 

transmitting a first request to a central server, the first request including a user identifier 
[column 5, lines 1-9, column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; 
receiving a first application instance in response to the first request [column 19, lines 64- 
67, column 20, lines 1-8 and column 9, lines 40-63]; and 

transmitting a second request to the central server, the second request including the 
identifier without further user or session application variables [column 19, lines 64-67, column 
20, lines 1-8 and column 9, lines 40-63]; and 

receiving a response to the second request from the application instance [column 19, 
lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. Wood is silent on a single identifier 
used to identify both a session and a user. However, it is old and well known in the art to identify 
both a session and a user by a single identifier, which has the advantage of allowing flexible 
control of user logins and session information thereby enhancing security of the system. For 
example, Zhao teaches a user access system including a single identifier used to identify both a 
session and a user for all user requests (i.e., see for example, Session ID associated with IUID 
& Start Time and Time out) [column 5, lines 39-67 and figure 6]. Both Wood and Zhao teach a 
method for performing user and session management. It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to employ the teachings of 
Zhao within the system of Wood thereby enhancing the security of the system.

18. As per claims 3, 13, 23, 31, 40, 51, 61 and 71, Wood further teaches the method further
comprising: authenticating an identification of the user [column 8, lines 19-25, column 13, lines 
37-67]; and assigning the single identifier to the user [column 14, lines 43-67, column 3, lines 
13-18]. 

19. As per claims 4, 14, 24, 32, 41, 52, 62 and 72, Wood further teaches the method wherein
said authenticating comprises: 

transmitting a request for a user name and a password to the user [column 7, lines 1-24];

receiving the user name and password from the user [column 7, lines 1-24, and column 
13, lines 60-67]; and 

comparing the user name and password to stored parameters [column 13, lines 43-47 
and column 7, lines 30-33].

20. As per claims 5, 15, 33, 42, 53, 63 and 73, Wood further teaches the method further
comprising: 

receiving a second (third / fourth) request from the user for a second application
instance, the second request including the identifier, and processing the request with the 
application instance [column 19, lines 64-67, column 20, lines 1-8 and column 9, lines 40-63]. 



21. As per claims 6 and 16, Wood further teaches the method further comprising:

receiving a second request from a second user, the second request including a second 
identifier corresponding to the second user (note that a unique session identifier is provided for 
users, i.e., during request for resources users include the unique session identifier) [column 8,
lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

generating a second application instance responsive to the second identifier [column 19,
lines 64-67, column 20, lines 1-7 and column 9, lines 40-63].

22. As per claims 12, 22, 48, 49, 59, 69, 76 and 78, Wood further teaches the method, 
wherein the identifier does not include user or session application variables for use by the 
application instance (unique session identifier, that is used for access requests to multiple 
applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 49-53]. 

23. As per claims 25, 34, 43, 54, 64 and 74, Wood further teaches the method further 
comprising: 

receiving a third request from a second user, the second request including a second 
identifier corresponding to the second user (note that a unique session identifier is provided for 
users, i.e., during request for resources users include the unique session identifier) [column 8, 
lines 13-15, 45-49, and column 10, lines 30-39, 49-53]; and 

generating a second application instance responsive to the second identifier [column 19,
lines 64-67, column 20, lines 1-7 and column 9, lines 40-63].

24. Claims 2, 11, 21, 30, 39, 50, 60 and 70 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Wood (US Patent No. 6,668,322 B1) in view of Zhao US Patent 6,035,404 as 
applied above and further in view of Gupta et al. (hereinafter Gupta) (US Patent No. 6,226,752 
B1). 

25. As per claims 2, 11, 21, 30, 39, 50, 60 and 70, Wood-Zhao teaches the method as 
applied above. Furthermore, Wood teaches assigning a single identifier to the user for handling 
all user requests (i.e., providing a unique session identifier to a user, that is used for access 
requests to multiple applications) [column 8, lines 13-15, 45-49, and column 10, lines 30-39, 
49-53]. Wood does not explicitly teach the method wherein the single identifier includes a random 
number associated with the user. However, Gupta teaches an authentication and session 
management system including a session identifier that includes a random number associated 
with the user [column 6, lines 21-35]. Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to incorporate a session identifier that 
includes a random number associated with a user as per teachings of Gupta into the session 
management system of Wood-Zhao, because a randomly generated identifier uniquely identifies a 
user for session management with multiple applications. 

(10) Response to Argument 

A. Appellant argued that Wood and Zhao do not teach "receiving ... [a] request including a 
single identifier used to identify both a session and a user for all user requests". Specifically, 
Appellant argued that Zhao does not disclose or suggest "receiving ... [a] request including a 
single identifier used to identify both a session and a user". Appellant further argued that, the 
focus of Zhao is on determining whether too many users are logged into an account. Neither the 
user ID nor the password are a "single identifier used to identify both a session and a user" as 
recited in the claim. 

It is understood by the examiner in view of the specification that, in the present invention, 
a JLVSession cookie uniquely identifies a user and a session as indicated by the specification, 
page 13, lines 21-24 "...if authentication is successful, the runtime environment returns a 
redirection response to the original request URL together with a single cookie (...) ...for uniquely 
identifying the user and the session". Furthermore, the cookie is used to identify both a user and 
a session, by storing session information in a database and looking up the database and by 
having the cookie information as a keyword to look up a table in the database, as indicated in 
the specification page 14, lines 4-7, "...the runtime environment uses the JLVSession cookie 
value from field 36 to identify the user from whom the request originated (step 408), retrieves 
the instance of a user object corresponding to that particular user.." see also figure 3. Examiner 
would point out that, Wood teaches receiving a first request from a user for an application 
instance (user request for information resources / applications, see columns 4, lines 60-67 and 
column 5, lines 1-9), the request including a single identifier for all user requests without further 
user and session application variables (i.e., a user providing a unique session identifier, that is 
used for access requests to multiple applications) [column 8, lines 13-15, 45-49, and column 
10, lines 30-39, 49-53]. Furthermore, Wood teaches a session cookie, that identifies a user 
(session Id & principal Id, see figure 4 session credentials 420 and session cookie 430) and that 
also identifies a session (session Id & Date creation/expiration time, see figure 4 session 
credentials 420 and session cookie 430). Furthermore, Zhao teaches a single identifier that is 
used to identify both a user and a session (i.e., session ID, stored in a database lookup table 
with other user and session information, as understood by the examiner in view of the 
specification, the session ID is used to identify the user and a session information, see figure 6, 
column 5, lines 39-67 and column 6, lines 28-39). 



Appellant argued that the session ID of Zhao is not received in a user request, it is rather 
generated and maintained internally in the state lookup table. Appellant argued that, Zhao does 
not teach the session ID identifies both a session and a user. Appellant further argued that, the 
session ID taught by Zhao could be repeated between users. 



Examiner would point out that, Wood reference is used to show the teachings of 
receiving a first request from a user for an application instance (user request for information 
resources / applications, see Wood columns 4, lines 60-67 and column 5, lines 1-9), the 
request including a single identifier for all user requests without further user and session 
application variables (i.e., a user providing a unique session identifier, that is used for access 
requests to multiple applications) [see Wood, column 8, lines 13-15, 45-49, and column 10, 
lines 30-39, 49-53]. Examiner used Zhao's reference to show the teachings of a single identifier 
that is used to identify both a user and a session (i.e., session ID, stored in a database lookup 
table with other user and session information, as understood by the examiner in view of the 
specification, the session ID is used to identify the user and a session information, see figure 6, 
column 5, lines 39-67 and column 6, lines 28-39). Examiner would further point out that, a 
session ID is generated dynamically for a session and may be a numerical value that increases 
and rotates for each session (i.e., won't be repeated between users in the same session, see 
column 5, lines 45-51). 

B. Appellant argued that neither Zhao nor Wood teach the suggestion, i.e., enhanced 
security that is the motivation of the combination. The examiner's argument for combining the 
references is motivated not by the references of the teachings of the prior art, but rather, by 
impermissible hindsight. Appellant further argued that, Wood actually teaches away from 
combining the recited combination, since Wood describes using two separate identifiers within a 
session to identify the session and the user. Also, Wood describes that there are additional user 
session and application variables. 

In response to applicant's argument that the examiner's conclusion of obviousness is 
based upon improper hindsight reasoning, it must be recognized that any judgment on 
obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning. 
However, a suggestion, teaching, or motivation to combine the relevant prior art teachings does 
not have to be found explicitly in the prior art, as the teachings, motivation, or suggestion may 
be implicit from the prior art, as a whole, rather than expressly stated in the references. The test 
for an implicit showing is what the combined teachings, knowledge of one of a whole would 
have suggested to those of ordinary skill in the art. In re Kahn, 441 F.3d 977, 988, 78 USPQ2d 
1329, 1336 (Fed. Cir. 2006) citing In re Kotzab, 217 F.3d 1365, 1370, 55 USPQ2d 1313 (Fed. 
Cir. 2000). See also In re Thrift, 298 F.3d 1357, 1363, 63 USPQ2d 2002, 2008 (Fed. Cir. 2002). 
These showings by the examiner are an essential part of complying with the burden of 
presenting a prima facie case of obviousness. Note In re Oetiker, 977 F.2d 1443, 1445, 24 
USPQ2d 1443, 1444 (Fed. Cir. 1992). In this case Wood teaches a session cookie, that 
identifies a user (session Id & principal Id, see figure 4 session credentials 420 and session 
cookie 430) and that also identifies a session (session Id & Date creation/expiration time, see 
figure 4 session credentials 420 and session cookie 430). Zhao is used to show the teachings 
of a single identifier that is used to identify both a user and a session (i.e., session ID, stored in 
a database lookup table with other user and session information, as understood by the 
examiner in view of the specification, the session ID is used to identify the user and a session 
information, see figure 6, column 5, lines 39-67 and column 6, lines 28-39). Both Wood and 
Zhao are directed to a secure user access to computing systems and applications. One of 
ordinary skill in the art at the time of applicant's invention could have been motivated to employ 
the teachings of Zhao within the system of Wood in order to properly permit access to system 
applications thereby enhancing security of the system [see Zhao, column 1, lines 53-67]. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 